Abstract
This document describes how you can monitor devices running Microsoft Windows using a predefined template. This template can address:
- Memory usage
- CPU load
- Disk usage
- Service states
- Running processes
- Event logs (Application or system)
- etc.
Publicly available services that are provided by Windows machines (“HTTP”, “FTP”, “POP3”, etc.) can be monitored by following the documentation on Monitoring publicly available services (HTTP, FTP, SSH, etc.).
The instructions assume that you’ve installed Shinken according to the Installation tutorial. The sample configuration entries below reference objects that are defined in the sample config files (“commands.cfg”, “templates.cfg”, etc.) that was installed if you followed the quickstart.
This document focuses on the agentless method. The agent based method is described in windows monitoring with nsclient++ <windows monitoring with nsclient++>.
Have a valid account on the Microsoft Windows device (local or domain account) you will monitor using WMI queries.
There are several steps you’ll need to follow in order to monitor a Microsoft Windows device.
- Install check_wmi_plus plugin
- Setup a account on the server for the WMI queries
- Declare your windows host in the configuration
- Restart the Shinken Arbiter
To make your life a bit easier, configuration templates are provided as a starting point:
- A selection of check_windows based command definitions have been added to the “commands.cfg” file. This allows you to use the check_wmi_plus plugin.
- A Windows host template (called “windows”) is included the “templates.cfg” file. This allows you to add new Windows host definitions in a simple manner.
The above-mentioned config files can be found in the ///etc/shinken/packs/os/windows// directory. You can modify the definitions in these and other templates to suit your needs. However, wait until you’re more familiar with Shinken before doing so. For the time being, just follow the directions outlined below and you will be monitoring your Windows devices in no time.
The plugin used for windows agent less monitoring is check_wmi_plus. To install it, just launch as root on your shinken server:
./install -p check_wmi_plus
(install is a executable script in the git, the previous name was shinken.sh)
TODO: write on using less than server admin
You need to configure your user account int the /etc/shinken/resources.cfg file or the c:shinkenetcresource.cfg file under windows with the one you just configured:
$DOMAINUSER$=shinken_user
$DOMAINPASSWORD$=superpassword
Now it’s time to define some object definitions in your Shinken configuration files in order to monitor the new Windows device.
We will assume that your server is named srv-win-1. Replace this with the real hostname of your server.
You can add the new host definition in an existing configuration file, but it is good practice to have one file per host, it will be easier to manage in the future. So create a file with the name of your server.
Under Linux:
::
linux:~ # vi /etc/shinken/hosts/srv-win-1.cfg
Or Windows:
::
c:wordpad c:shinkenetchostssrv-win-1.cfg
You need to add a new host definition for the Windows device that you will monitor. Just copy/paste the above definition, change the “host_name”, and “address” fields to appropriate values.
::
- define host{
- use windows host_name srv-win-1 address srv-win-1.mydomain.com }
Note: If you use a hostname be aware that you will have a DNS dependency in your monitoring system. Either have a periodically updated local hosts file with all relevant entries, long caching or use an IP address.
You’re done with modifying the Shinken configuration, so you’ll need to verify your configuration files and restart Shinken.
If the verification process produces any errors messages, fix your configuration file before continuing. Make sure that you don’t (re)start Shinken until the verification process completes without any errors!